Graphical Remote Control Desktops for Linux, part 2 - page 3

Dynamic DNS setup and Wake-On-LAN (WOL)

November 3, 2008

By A. Lizard

The port commonly used for SSH on Linux is port 22. Why not use it? Everyone else knows that too, and if your SSH port is available, it's always possible that an exploit will be discovered against SSH and tested on your server. Some systems also block "commonly used ports", i.e. everything below 1024. So pick something higher that isn't already running a service you actually use. Here is one of many listings of port usage. I am using port 54322 as an example in this discussion, and I explain how to change the port number below.

Install ssh, ssh-agent and libpam-ssh. libpam-ssh is included because the last line of sshd_config says "UsePAM yes", so it seems reasonable that an ssh PAM library should go with it.

# aptitude install ssh ssh-agent libpam-ssh
Below is a list of ssh-related applications found on my server. If these packages aren't all installed with the possible exception of kdessh, there's a good chance this won't work. So do the search command below and install the packages which weren't already installed as part of installing ssh ssh-agent libpam-ssh as real (i) or virtual (v) packages.

# aptitude search ssh

i A kdessh                   - ssh frontend for KDE
v   libnet-ssh-ruby          -
i   libpam-ssh               - enable SSO behavior for ssh and pam
v   libssh-dev               -
i A libssh2-1                - SSH2 client-side library
i   openssh-blacklist        - list of default blacklisted OpenSSH
i A openssh-blacklist-extra  - list of non-default blacklisted
i   openssh-client           - secure shell client, an rlogin
i   openssh-server           - secure shell server, an rshd repl
i   ssh                      - secure shell client/server (metapackage)
v   ssh-client               -
v   ssh-server               -

If ssh_config and sshd_config exist, rename ssh_config to ssh_config-backup and sshd_config to sshd_config-backup. If these files do not exist after you install ssh, get the openssh-client* binary for your distribution, from wherever convenient, do:

Copy the ssh_config file into /etc/ssh. Don't worry about sshd_config; you'll get it somewhere else, as you will see below.

Open a text editor as root. Copy and paste the ssh_config-backup file into your text editor.

Make the following changes to it:

Change:
# GSSAPIAuthentication no
to:
GSSAPIAuthentication no

Change:
# CheckHostIP no
to:
CheckHostIP no

Find:
# IdentityFile ~/.ssh/identity
Add:
# changed to enable v2 keys
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

Change:
# Port 22
to:
Port 54321
(54321 means whatever SSH port ID you decide on through the rest of the install.)

If these lines are at the end of ssh_config, delete them:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

Save and exit.

Open a text editor as root. Go to this page. If that page is no longer available, get it from www.archive.org. It has most of the changes needed to make sshd_config work for NX Server. Go down to the post with timestamp: "May 22nd, 2007, 06:42 AM". Copy and paste the sshd_config file into your text editor.

Change:
# Port 22
to:
Port 54321

Change:
#ListenAddress 0.0.0.0
to:
ListenAddress 0.0.0.0

Change:
AllowUsers nx cwmoser carl sharon
to:
AllowUsers nx username

Username means your server account username; multiple usernames on the host can be added to give them remote access to the server desktop. nx must be in the AllowUsers entry.

If these lines are at the end of the document, comment them out or delete them:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

Save to /etc/ssh/sshd_config and exit.

Once ssh is configured:

# /etc/init.d/ssh restart

If you connect via ssh to a terminal session on your system by:

(IP can be LAN address or your Internet IP address)
there's a good chance your ssh is correctly configured.
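
As an added example (not part of the original article), this shell check audits an sshd_config for the edits described above before ssh is restarted: the chosen port is the only active one, nx is in AllowUsers, and no active GSSAPIAuthentication yes remains. The function names and both sample files are constructed for illustration; point check_sshd_config at /etc/ssh/sshd_config to use it for real.

```shell
#!/bin/sh
# Added example (not from the article): audit an sshd_config for the edits above.
# Function names and the sample configs are constructed for illustration.

# Print every uncommented value of keyword $1 in file $2, one per line.
# Keywords are case-insensitive; only "Keyword value" syntax is handled.
values() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# check_sshd_config FILE PORT: print findings, return 1 if there are any.
check_sshd_config() {
    file=$1; want=$2; rc=0
    # Port may repeat and sshd listens on all of them; the default is 22 if unset.
    ports=$(values Port "$file" | tr '\n' ' ')
    [ -n "$ports" ] || ports="22 "
    [ "$ports" = "$want " ] || { echo "Port: active '${ports% }', expected only $want"; rc=1; }
    # AllowUsers lines accumulate; nx must be listed for NX Server.
    users=$(values AllowUsers "$file" | tr '\n' ' ')
    case " $users" in
        *" nx "*) ;;
        *) echo "AllowUsers: nx missing (got: ${users:-unset})"; rc=1 ;;
    esac
    # For single-valued keywords sshd keeps the first value it reads.
    gss=$(values GSSAPIAuthentication "$file" | head -n 1)
    [ "$gss" != "yes" ] || { echo "GSSAPIAuthentication: yes is in effect"; rc=1; }
    return $rc
}

# Constructed samples: a file before and after the edits described above.
sample_before() { printf '%s\n' '# Port 22' '#ListenAddress 0.0.0.0' \
    'AllowUsers alice' 'UsePAM yes' 'GSSAPIAuthentication yes' \
    'GSSAPIDelegateCredentials no'; }
sample_after() { printf '%s\n' 'Port 54321' 'ListenAddress 0.0.0.0' \
    'AllowUsers nx alice' 'UsePAM yes' '#GSSAPIAuthentication yes' \
    '#GSSAPIDelegateCredentials no'; }

demo() {
    tmp=$(mktemp) || return 1
    sample_before > "$tmp"; check_sshd_config "$tmp" 54321 || echo "before: edits needed"
    sample_after > "$tmp"; check_sshd_config "$tmp" 54321 && echo "after: OK"
    rm -f "$tmp"
}
demo
```

sshd -t checks the file's syntax only; this script checks the values the article asks you to set.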

If you never got around to creating ssh keys for your machine and yourself, now is the time to do this. If you created these keys quite some time ago, note that there was a major vuln in an earlier version of ssh-keygen, so earlier keys should be recreated. However, even if ssh is correctly configured, you're going to have to make some changes in your setup if you want it to work with NX Server. Note that ssh as a way to open a terminal on a remote computer is a useful debugging tool all by itself: some of the configuration work done on the NX server setup for this article was done via an ssh terminal session from the remote client machine, on which I was not running NX client because it wouldn't connect.
